General
Target: 3ed9f2c6339d6513940c15d4a58378af.bin
Size: 176KB
Sample: 240111-bvzw4sbhgr
MD5: 2a09b569131c5333aa189ee9aa9d2daa
SHA1: 502a861dfd407547f7b43d0264b34b2e72e091f8
SHA256: c8baca5b39f860e63c00b27f50ef2dc6e308d0cfef5d27f49348f32ec70e9a92
SHA512: 781cd400c23da382712491f5d07dff82c7045e94910c588814cd12308d8de4e2aaa4c9c9e78366c7eafa563e2cf58c409c47dc6c18d9817560594ba44ee75826
SSDEEP: 3072:1/t9XCLtGu5kaoBJXDBU5DYBD62q/nUHSPyFbGyZz53RkhrtP1Q/b7o:1/twLge6q8yaFqqzFMrtW/b8
Static task: static1
Behavioral task: behavioral1
  Sample: dd02b4f83462302b06278dea2591a9d32ab4534743f96b44b24d642e55b721fb.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: dd02b4f83462302b06278dea2591a9d32ab4534743f96b44b24d642e55b721fb.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: smokeloader
  Version: pub1
Extracted: smokeloader
  Version: 2020
  C2: http://host-file-host6.com/
      http://host-host-file8.com/
Targets
Target: dd02b4f83462302b06278dea2591a9d32ab4534743f96b44b24d642e55b721fb.exe
Size: 312KB
MD5: 3ed9f2c6339d6513940c15d4a58378af
SHA1: bd75e9514537bb38e9ba648c92a837e7d8d7b66d
SHA256: dd02b4f83462302b06278dea2591a9d32ab4534743f96b44b24d642e55b721fb
SHA512: 530d1c04fd3acc0a35b54221ae5e25b4ab02fdf656bfda516bab009e94f292cffec83a8480cf95c3bacddc295a845206e6409658c837c3c78f0d1aca5cdf8036
SSDEEP: 6144:V6xELH+Ym/eqLhvhXfRWK4Pg343g77ji:cxEL+HeqLh2K45QX
- Modifies firewall policy service
- Modifies security service
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Sets file execution options in registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (2)
  - Windows Service (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (2)
  - Windows Service (2)
- Scheduled Task/Job (1)